CVE-2023-2861

A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder.
Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:59

Type Values Removed Values Added
References () https://access.redhat.com/security/cve/CVE-2023-2861 - Vendor Advisory () https://access.redhat.com/security/cve/CVE-2023-2861 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2219266 - Issue Tracking, Patch () https://bugzilla.redhat.com/show_bug.cgi?id=2219266 - Issue Tracking, Patch
References () https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html - () https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html -
References () https://security.netapp.com/advisory/ntap-20240125-0005/ - () https://security.netapp.com/advisory/ntap-20240125-0005/ -
References () https://security.netapp.com/advisory/ntap-20240229-0002/ - () https://security.netapp.com/advisory/ntap-20240229-0002/ -
CVSS v2 : unknown
v3 : 7.1
v2 : unknown
v3 : 6.0

11 Mar 2024, 18:15

Type Values Removed Values Added
References
  • () https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html -
  • () https://security.netapp.com/advisory/ntap-20240229-0002/ -

25 Jan 2024, 14:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240125-0005/ -

11 Dec 2023, 17:44

Type Values Removed Values Added
References () https://access.redhat.com/security/cve/CVE-2023-2861 - () https://access.redhat.com/security/cve/CVE-2023-2861 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2219266 - () https://bugzilla.redhat.com/show_bug.cgi?id=2219266 - Issue Tracking, Patch
CWE NVD-CWE-Other
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.1
First Time Qemu
Qemu qemu
CPE cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

06 Dec 2023, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-06 07:15

Updated : 2024-11-21 07:59


NVD link : CVE-2023-2861

Mitre link : CVE-2023-2861

CVE.ORG link : CVE-2023-2861


JSON object : View

Products Affected

qemu

  • qemu
CWE
CWE-284

Improper Access Control

NVD-CWE-Other